What the vulnerability does
01Description
Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
What the vulnerability does
Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.
Explanation of Vulnerability in Simple Terms
Booking Activities versions up to 1.16.48.1 lack proper authorization checks, allowing unauthenticated attackers to modify or delete data via network requests. The vulnerability does not expose sensitive information but can disrupt site operations. Update to a version newer than 1.16.48.1 to resolve this issue.
What an attacker can do
Modify or delete data on the site without logging in.
Potential impact on your site
Unauthorized changes or deletion of booking data and site content without admin approval.
Conditions required to exploit
Network access only; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities